 
  

 






<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html>

<!-- Mirrored from www.javapractices.com/topic/TopicAction.do?Id=96 by HTTrack Website Copier/3.x [XR&CO'2010], Sun, 12 Jun 2011 17:28:07 GMT -->
<!-- Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=UTF-8"><!-- /Added by HTTrack -->
<head>
 <title>
  Java Practices -> Escape special characters
 </title>
 <link rel="stylesheet" type="text/css" href="../stylesheet8.css" media="all">
 
 <link rel="shortcut icon" href='../images/favicon.ico' type="image/vnd.microsoft.icon">
 <meta name="description" content="Concise presentations of java programming practices, tasks, and conventions, amply illustrated with syntax highlighted code examples.">
 
 <meta name='keywords' content='encode,EscapeChars,URLEncoder,escape,JSP,servlet,java,java programming,java practices,java idiom,java style,java design patterns,java coding conventions,'>
 
 
</head>
 
<body>


<div class='menu-bar'>
 
  <a href='../home/HomeAction.html' title='Table of Contents'>Home</a> |
  <a href='../vote/VoteSummaryAction-2.html' title='View Poll Results'>Poll</a> |
   
  <A href='../feedback/FeedbackAction451f-2.html?Operation=Show' title='Send Your Feedback'>Wiki</a> |
  <b><a href='../source/SourceAction-2.html' title='Grab Source Code'>Source Code</a></b><IMG class='no-margin' SRC="../images/goldstar.gif" ALT=""> |

  <a href='http://www.web4j.com/Java_Web_Application_Framework_Overview.jsp?From=1' title='Free Download - Java Web Application Framework'><b>WEB4J</b></a> |
  
  <a href='http://www.date4j.net/' title='Replacement for java.util.Date'><b>DATE4J</b></a> |

   <a href='../references/ReferencesAction-2.html' title='References'>Links</a>
   
  <form action='http://www.javapractices.com/search/SearchAction.do' method='get' class='search-form'>
   <input type='text' name='SearchTerms' value="" size=12 maxlength=50 class='search'>
   <input type='submit' value="Search">
  </form>
 
</div>

<P>



  

 






<p class="display-messages">

 

 

</p>


<div class="main-layout">
 
   

 




<div class='page-title'>Escape special characters</div>

<div class='main-body'>
 
<br>
Arbitrary text placed in an HTML tag often needs to be altered, to
ensure that the resulting HTML remains valid.
<p>Problem characters can include
<ul>
<li>
&lt;</li>

<li>
></li>

<li>
"</li>

<li>
'</li>

<li>
\</li>

<li>
&amp;</li>
</ul>
These characters can be replaced with HTML <a href="http://www.w3.org/TR/html401/sgml/entities.html">character entities</a>. 
For example, <tt>&lt;</tt> can be replaced with <tt>&amp;lt;</tt>.
<p>Query strings (<tt>Blah=1&amp;Name=Bob</tt>) often need to be escaped
as well. If the query string contains special characters, it will need
to be "URL encoded". (See the <a href="http://java.sun.com/javase/6/docs/api/java/net/URLEncoder.html">javadoc</a>
for the <tt>URLEncoder</tt> class for further information.) This will ensure
the query string conforms with valid HTTP.
<p>There is often a second issue, however, with regard to query strings.
If a query string is placed in an <tt>HREF</tt> attribute, then even a
URL encoded query string is often not of valid form. This is because <tt>URLEncoder</tt>
produces valid <i>HTTP</i>, but it does not in general produce text which
is a valid <i>HTML attribute</i> - the ampersand character needs to be
replaced by the corresponding character entity <tt>&amp;amp;</tt>.
<p>Here is an example of a utility class which escapes special characters
for HTML, XML, regular expressions, and so on.
<br>
<PRE>

<span class='keyword'>package</span> hirondelle.web4j.util;

<span class='keyword'>import</span> java.net.URLEncoder;
<span class='keyword'>import</span> java.io.UnsupportedEncodingException;
<span class='keyword'>import</span> java.text.CharacterIterator;
<span class='keyword'>import</span> java.text.StringCharacterIterator;
<span class='keyword'>import</span> java.util.regex.Pattern;
<span class='keyword'>import</span> java.util.regex.Matcher;

<span class='keyword'>import</span> hirondelle.web4j.security.SafeText;
<span class='keyword'>import</span> hirondelle.web4j.ui.translate.Text;
<span class='keyword'>import</span> hirondelle.web4j.ui.translate.Tooltips;
<span class='keyword'>import</span> hirondelle.web4j.ui.translate.TextFlow;
<span class='keyword'>import</span> hirondelle.web4j.ui.tag.Populate;
<span class='keyword'>import</span> hirondelle.web4j.database.Report;

<span class='comment'>/**
 Convenience methods for escaping special characters related to HTML, XML, 
 and regular expressions.
 
 &lt;P&gt;To keep you safe by default, WEB4J goes to some effort to escape 
 characters in your data when appropriate, such that you &lt;em&gt;usually&lt;/em&gt;
 don't need to think too much about escaping special characters. Thus, you
  shouldn't need to &lt;em&gt;directly&lt;/em&gt; use the services of this class very often. 
 
 &lt;P&gt;&lt;span class='highlight'&gt;For Model Objects containing free form user input, 
 it is highly recommended that you use {@link SafeText}, not &lt;tt&gt;String&lt;/tt&gt;&lt;/span&gt;.
 Free form user input is open to malicious use, such as
 &lt;a href='http://www.owasp.org/index.php/Cross_Site_Scripting'&gt;Cross Site Scripting&lt;/a&gt;
 attacks. 
 Using &lt;tt&gt;SafeText&lt;/tt&gt; will protect you from such attacks, by always escaping 
 special characters automatically in its &lt;tt&gt;toString()&lt;/tt&gt; method.   
 
 &lt;P&gt;The following WEB4J classes will automatically escape special characters 
 for you, when needed : 
 &lt;ul&gt;
 &lt;li&gt;the {@link SafeText} class, used as a building block class for your 
 application's Model Objects, for modeling all free form user input
 &lt;li&gt;the {@link Populate} tag used with forms
 &lt;li&gt;the {@link Report} class used for creating quick reports
 &lt;li&gt;the {@link Text}, {@link TextFlow}, and {@link Tooltips} custom tags used 
 for translation
 &lt;/ul&gt; 
*/</span>
<span class='keyword'>public</span> <span class='keyword'>final</span> <span class='keyword'>class</span> EscapeChars {

  <span class='comment'>/**
    Escape characters for text appearing in HTML markup.
    
    &lt;P&gt;This method exists as a defence against Cross Site Scripting (XSS) hacks.
    The idea is to neutralize control characters commonly used by scripts, such that
    they will not be executed by the browser. This is done by replacing the control
    characters with their escaped equivalents.  
    See {@link hirondelle.web4j.security.SafeText} as well.
    
    &lt;P&gt;The following characters are replaced with corresponding 
    HTML character entities :
    &lt;table border='1' cellpadding='3' cellspacing='0'&gt;
    &lt;tr&gt;&lt;th&gt; Character &lt;/th&gt;&lt;th&gt;Replacement&lt;/th&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; &lt; &lt;/td&gt;&lt;td&gt; &amp;lt; &lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; &gt; &lt;/td&gt;&lt;td&gt; &amp;gt; &lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; &amp; &lt;/td&gt;&lt;td&gt; &amp;amp; &lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; " &lt;/td&gt;&lt;td&gt; &amp;quot;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; &#092;t &lt;/td&gt;&lt;td&gt; &amp;#009;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; ! &lt;/td&gt;&lt;td&gt; &amp;#033;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; # &lt;/td&gt;&lt;td&gt; &amp;#035;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; $ &lt;/td&gt;&lt;td&gt; &amp;#036;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; % &lt;/td&gt;&lt;td&gt; &amp;#037;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; ' &lt;/td&gt;&lt;td&gt; &amp;#039;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; ( &lt;/td&gt;&lt;td&gt; &amp;#040;&lt;/td&gt;&lt;/tr&gt; 
    &lt;tr&gt;&lt;td&gt; ) &lt;/td&gt;&lt;td&gt; &amp;#041;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; * &lt;/td&gt;&lt;td&gt; &amp;#042;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; + &lt;/td&gt;&lt;td&gt; &amp;#043; &lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; , &lt;/td&gt;&lt;td&gt; &amp;#044; &lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; - &lt;/td&gt;&lt;td&gt; &amp;#045; &lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; . &lt;/td&gt;&lt;td&gt; &amp;#046; &lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; / &lt;/td&gt;&lt;td&gt; &amp;#047; &lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; : &lt;/td&gt;&lt;td&gt; &amp;#058;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; ; &lt;/td&gt;&lt;td&gt; &amp;#059;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; = &lt;/td&gt;&lt;td&gt; &amp;#061;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; ? &lt;/td&gt;&lt;td&gt; &amp;#063;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; @ &lt;/td&gt;&lt;td&gt; &amp;#064;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; [ &lt;/td&gt;&lt;td&gt; &amp;#091;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; &#092; &lt;/td&gt;&lt;td&gt; &amp;#092;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; ] &lt;/td&gt;&lt;td&gt; &amp;#093;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; ^ &lt;/td&gt;&lt;td&gt; &amp;#094;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; _ &lt;/td&gt;&lt;td&gt; &amp;#095;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; ` &lt;/td&gt;&lt;td&gt; &amp;#096;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; { &lt;/td&gt;&lt;td&gt; &amp;#123;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; | &lt;/td&gt;&lt;td&gt; &amp;#124;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; } &lt;/td&gt;&lt;td&gt; &amp;#125;&lt;/td&gt;&lt;/tr&gt;
    &lt;tr&gt;&lt;td&gt; ~ &lt;/td&gt;&lt;td&gt; &amp;#126;&lt;/td&gt;&lt;/tr&gt;
    &lt;/table&gt;
    
    &lt;P&gt;Note that JSTL's {@code &lt;c:out&gt;} escapes &lt;em&gt;only the first 
    five&lt;/em&gt; of the above characters.
   */</span>
   <span class='keyword'>public</span> <span class='keyword'>static</span> String forHTML(String aText){
     <span class='keyword'>final</span> StringBuilder result = <span class='keyword'>new</span> StringBuilder();
     <span class='keyword'>final</span> StringCharacterIterator iterator = <span class='keyword'>new</span> StringCharacterIterator(aText);
     <span class='keyword'>char</span> character =  iterator.current();
     <span class='keyword'>while</span> (character != CharacterIterator.DONE ){
       <span class='keyword'>if</span> (character == <span class='literal'>'&lt;'</span>) {
         result.append(<span class='literal'>"&amp;lt;"</span>);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&gt;'</span>) {
         result.append(<span class='literal'>"&amp;gt;"</span>);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&'</span>) {
         result.append(<span class='literal'>"&amp;amp;"</span>);
      }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&#092;"'</span>) {
         result.append(<span class='literal'>"&amp;quot;"</span>);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&#092;t'</span>) {
         addCharEntity(<span class='literal'>9</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'!'</span>) {
         addCharEntity(<span class='literal'>33</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'#'</span>) {
         addCharEntity(<span class='literal'>35</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'$'</span>) {
         addCharEntity(<span class='literal'>36</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'%'</span>) {
         addCharEntity(<span class='literal'>37</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&#092;''</span>) {
         addCharEntity(<span class='literal'>39</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'('</span>) {
         addCharEntity(<span class='literal'>40</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>')'</span>) {
         addCharEntity(<span class='literal'>41</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'*'</span>) {
         addCharEntity(<span class='literal'>42</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'+'</span>) {
         addCharEntity(<span class='literal'>43</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>','</span>) {
         addCharEntity(<span class='literal'>44</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'-'</span>) {
         addCharEntity(<span class='literal'>45</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'.'</span>) {
         addCharEntity(<span class='literal'>46</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'/'</span>) {
         addCharEntity(<span class='literal'>47</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>':'</span>) {
         addCharEntity(<span class='literal'>58</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>';'</span>) {
         addCharEntity(<span class='literal'>59</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'='</span>) {
         addCharEntity(<span class='literal'>61</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'?'</span>) {
         addCharEntity(<span class='literal'>63</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'@'</span>) {
         addCharEntity(<span class='literal'>64</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'['</span>) {
         addCharEntity(<span class='literal'>91</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&#092;&#092;'</span>) {
         addCharEntity(<span class='literal'>92</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>']'</span>) {
         addCharEntity(<span class='literal'>93</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'^'</span>) {
         addCharEntity(<span class='literal'>94</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'_'</span>) {
         addCharEntity(<span class='literal'>95</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'`'</span>) {
         addCharEntity(<span class='literal'>96</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'{'</span>) {
         addCharEntity(<span class='literal'>123</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'|'</span>) {
         addCharEntity(<span class='literal'>124</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'}'</span>) {
         addCharEntity(<span class='literal'>125</span>, result);
       }
       <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'~'</span>) {
         addCharEntity(<span class='literal'>126</span>, result);
       }
       <span class='keyword'>else</span> {
         <span class='comment'>//the char is not a special one
</span>         <span class='comment'>//add it to the result as is
</span>         result.append(character);
       }
       character = iterator.next();
     }
     <span class='keyword'>return</span> result.toString();
  }
  

  <span class='comment'>/**
   Escape all ampersand characters in a URL. 
    
   &lt;P&gt;Replaces all &lt;tt&gt;'&amp;'&lt;/tt&gt; characters with &lt;tt&gt;'&amp;amp;'&lt;/tt&gt;.
   
  &lt;P&gt;An ampersand character may appear in the query string of a URL.
   The ampersand character is indeed valid in a URL.
   &lt;em&gt;However, URLs usually appear as an &lt;tt&gt;HREF&lt;/tt&gt; attribute, and 
   such attributes have the additional constraint that ampersands 
   must be escaped.&lt;/em&gt;
   
   &lt;P&gt;The JSTL &lt;c:url&gt; tag does indeed perform proper URL encoding of 
   query parameters. But it does not, in general, produce text which 
   is valid as an &lt;tt&gt;HREF&lt;/tt&gt; attribute, simply because it does 
   not escape the ampersand character. This is a nuisance when 
   multiple query parameters appear in the URL, since it requires a little 
   extra work.
  */</span>
  <span class='keyword'>public</span> <span class='keyword'>static</span> String forHrefAmpersand(String aURL){
    <span class='keyword'>return</span> aURL.replace(<span class='literal'>"&"</span>, <span class='literal'>"&amp;amp;"</span>);
  }
   
  <span class='comment'>/**
    Synonym for &lt;tt&gt;URLEncoder.encode(String, "UTF-8")&lt;/tt&gt;.
   
    &lt;P&gt;Used to ensure that HTTP query strings are in proper form, by escaping
    special characters such as spaces.
   
    &lt;P&gt;It is important to note that if a query string appears in an &lt;tt&gt;HREF&lt;/tt&gt;
    attribute, then there are two issues - ensuring the query string is valid HTTP
    (it is URL-encoded), and ensuring it is valid HTML (ensuring the 
    ampersand is escaped).
   */</span>
   <span class='keyword'>public</span> <span class='keyword'>static</span> String forURL(String aURLFragment){
     String result = <span class='keyword'>null</span>;
     <span class='keyword'>try</span> {
       result = URLEncoder.encode(aURLFragment, <span class='literal'>"UTF-8"</span>);
     }
     <span class='keyword'>catch</span> (UnsupportedEncodingException ex){
       <span class='keyword'>throw</span> <span class='keyword'>new</span> RuntimeException(<span class='literal'>"UTF-8 not supported"</span>, ex);
     }
     <span class='keyword'>return</span> result;
   }

  <span class='comment'>/**
   Escape characters for text appearing as XML data, between tags.
   
   &lt;P&gt;The following characters are replaced with corresponding character entities :
   &lt;table border='1' cellpadding='3' cellspacing='0'&gt;
   &lt;tr&gt;&lt;th&gt; Character &lt;/th&gt;&lt;th&gt; Encoding &lt;/th&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; &lt; &lt;/td&gt;&lt;td&gt; &amp;lt; &lt;/td&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; &gt; &lt;/td&gt;&lt;td&gt; &amp;gt; &lt;/td&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; &amp; &lt;/td&gt;&lt;td&gt; &amp;amp; &lt;/td&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; " &lt;/td&gt;&lt;td&gt; &amp;quot;&lt;/td&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; ' &lt;/td&gt;&lt;td&gt; &amp;#039;&lt;/td&gt;&lt;/tr&gt;
   &lt;/table&gt;
   
   &lt;P&gt;Note that JSTL's {@code &lt;c:out&gt;} escapes the exact same set of 
   characters as this method. &lt;span class='highlight'&gt;That is, {@code &lt;c:out&gt;}
    is good for escaping to produce valid XML, but not for producing safe 
    HTML.&lt;/span&gt;
  */</span>
  <span class='keyword'>public</span> <span class='keyword'>static</span> String forXML(String aText){
    <span class='keyword'>final</span> StringBuilder result = <span class='keyword'>new</span> StringBuilder();
    <span class='keyword'>final</span> StringCharacterIterator iterator = <span class='keyword'>new</span> StringCharacterIterator(aText);
    <span class='keyword'>char</span> character =  iterator.current();
    <span class='keyword'>while</span> (character != CharacterIterator.DONE ){
      <span class='keyword'>if</span> (character == <span class='literal'>'&lt;'</span>) {
        result.append(<span class='literal'>"&amp;lt;"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&gt;'</span>) {
        result.append(<span class='literal'>"&amp;gt;"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&#092;"'</span>) {
        result.append(<span class='literal'>"&amp;quot;"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&#092;''</span>) {
        result.append(<span class='literal'>"&amp;#039;"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&'</span>) {
         result.append(<span class='literal'>"&amp;amp;"</span>);
      }
      <span class='keyword'>else</span> {
        <span class='comment'>//the char is not a special one
</span>        <span class='comment'>//add it to the result as is
</span>        result.append(character);
      }
      character = iterator.next();
    }
    <span class='keyword'>return</span> result.toString();
  }
  
  <span class='comment'>/**
   Escapes characters for text appearing as data in the 
   &lt;a href='http://www.json.org/'&gt;Javascript Object Notation&lt;/a&gt;
   (JSON) data interchange format.
   
   &lt;P&gt;The following commonly used control characters are escaped :
   &lt;table border='1' cellpadding='3' cellspacing='0'&gt;
   &lt;tr&gt;&lt;th&gt; Character &lt;/th&gt;&lt;th&gt; Escaped As &lt;/th&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; " &lt;/td&gt;&lt;td&gt; &#092;" &lt;/td&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; &#092; &lt;/td&gt;&lt;td&gt; &#092;&#092; &lt;/td&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; / &lt;/td&gt;&lt;td&gt; &#092;/ &lt;/td&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; back space &lt;/td&gt;&lt;td&gt; &#092;b &lt;/td&gt;&lt;/tr&gt; 
   &lt;tr&gt;&lt;td&gt; form feed &lt;/td&gt;&lt;td&gt; &#092;f &lt;/td&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; line feed &lt;/td&gt;&lt;td&gt; &#092;n &lt;/td&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; carriage return &lt;/td&gt;&lt;td&gt; &#092;r &lt;/td&gt;&lt;/tr&gt;
   &lt;tr&gt;&lt;td&gt; tab &lt;/td&gt;&lt;td&gt; &#092;t &lt;/td&gt;&lt;/tr&gt;
   &lt;/table&gt;
   
   &lt;P&gt;See &lt;a href='http://www.ietf.org/rfc/rfc4627.txt'&gt;RFC 4627&lt;/a&gt; for more information.
  */</span>
  <span class='keyword'>public</span> <span class='keyword'>static</span> String forJSON(String aText){
    <span class='keyword'>final</span> StringBuilder result = <span class='keyword'>new</span> StringBuilder();
    StringCharacterIterator iterator = <span class='keyword'>new</span> StringCharacterIterator(aText);
    <span class='keyword'>char</span> character = iterator.current();
    <span class='keyword'>while</span> (character != StringCharacterIterator.DONE){
      <span class='keyword'>if</span>( character == <span class='literal'>'&#092;"'</span> ){
        result.append(<span class='literal'>"&#092;&#092;&#092;""</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span>(character == <span class='literal'>'&#092;&#092;'</span>){
        result.append(<span class='literal'>"&#092;&#092;&#092;&#092;"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span>(character == <span class='literal'>'/'</span>){
        result.append(<span class='literal'>"&#092;&#092;/"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span>(character == <span class='literal'>'&#092;b'</span>){
        result.append(<span class='literal'>"&#092;&#092;b"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span>(character == <span class='literal'>'&#092;f'</span>){
        result.append(<span class='literal'>"&#092;&#092;f"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span>(character == <span class='literal'>'&#092;n'</span>){
        result.append(<span class='literal'>"&#092;&#092;n"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span>(character == <span class='literal'>'&#092;r'</span>){
        result.append(<span class='literal'>"&#092;&#092;r"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span>(character == <span class='literal'>'&#092;t'</span>){
        result.append(<span class='literal'>"&#092;&#092;t"</span>);
      }
      <span class='keyword'>else</span> {
        <span class='comment'>//the char is not a special one
</span>        <span class='comment'>//add it to the result as is
</span>        result.append(character);
      }
      character = iterator.next();
    }
    <span class='keyword'>return</span> result.toString();    
  }

  <span class='comment'>/**
   Return &lt;tt&gt;aText&lt;/tt&gt; with all &lt;tt&gt;'&lt;'&lt;/tt&gt; and &lt;tt&gt;'&gt;'&lt;/tt&gt; characters
   replaced by their escaped equivalents.
  */</span>
  <span class='keyword'>public</span> <span class='keyword'>static</span> String toDisableTags(String aText){
    <span class='keyword'>final</span> StringBuilder result = <span class='keyword'>new</span> StringBuilder();
    <span class='keyword'>final</span> StringCharacterIterator iterator = <span class='keyword'>new</span> StringCharacterIterator(aText);
    <span class='keyword'>char</span> character =  iterator.current();
    <span class='keyword'>while</span> (character != CharacterIterator.DONE ){
      <span class='keyword'>if</span> (character == <span class='literal'>'&lt;'</span>) {
        result.append(<span class='literal'>"&amp;lt;"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&gt;'</span>) {
        result.append(<span class='literal'>"&amp;gt;"</span>);
      }
      <span class='keyword'>else</span> {
        <span class='comment'>//the char is not a special one
</span>        <span class='comment'>//add it to the result as is
</span>        result.append(character);
      }
      character = iterator.next();
    }
    <span class='keyword'>return</span> result.toString();
  }
  

  <span class='comment'>/**
   Replace characters having special meaning in regular expressions
   with their escaped equivalents, preceded by a '&#092;' character.
  
   &lt;P&gt;The escaped characters include :
  &lt;ul&gt;
  &lt;li&gt;.
  &lt;li&gt;&#092;
  &lt;li&gt;?, * , and +
  &lt;li&gt;&
  &lt;li&gt;:
  &lt;li&gt;{ and }
  &lt;li&gt;[ and ]
  &lt;li&gt;( and )
  &lt;li&gt;^ and $
  &lt;/ul&gt;
  */</span>
  <span class='keyword'>public</span> <span class='keyword'>static</span> String forRegex(String aRegexFragment){
    <span class='keyword'>final</span> StringBuilder result = <span class='keyword'>new</span> StringBuilder();

    <span class='keyword'>final</span> StringCharacterIterator iterator = 
      <span class='keyword'>new</span> StringCharacterIterator(aRegexFragment)
    ;
    <span class='keyword'>char</span> character =  iterator.current();
    <span class='keyword'>while</span> (character != CharacterIterator.DONE ){
      <span class='comment'>/*
       All literals need to have backslashes doubled.
      */</span>
      <span class='keyword'>if</span> (character == <span class='literal'>'.'</span>) {
        result.append(<span class='literal'>"&#092;&#092;."</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&#092;&#092;'</span>) {
        result.append(<span class='literal'>"&#092;&#092;&#092;&#092;"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'?'</span>) {
        result.append(<span class='literal'>"&#092;&#092;?"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'*'</span>) {
        result.append(<span class='literal'>"&#092;&#092;*"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'+'</span>) {
        result.append(<span class='literal'>"&#092;&#092;+"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'&'</span>) {
        result.append(<span class='literal'>"&#092;&#092;&"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>':'</span>) {
        result.append(<span class='literal'>"&#092;&#092;:"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'{'</span>) {
        result.append(<span class='literal'>"&#092;&#092;{"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'}'</span>) {
        result.append(<span class='literal'>"&#092;&#092;}"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'['</span>) {
        result.append(<span class='literal'>"&#092;&#092;["</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>']'</span>) {
        result.append(<span class='literal'>"&#092;&#092;]"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'('</span>) {
        result.append(<span class='literal'>"&#092;&#092;("</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>')'</span>) {
        result.append(<span class='literal'>"&#092;&#092;)"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'^'</span>) {
        result.append(<span class='literal'>"&#092;&#092;^"</span>);
      }
      <span class='keyword'>else</span> <span class='keyword'>if</span> (character == <span class='literal'>'$'</span>) {
        result.append(<span class='literal'>"&#092;&#092;$"</span>);
      }
      <span class='keyword'>else</span> {
        <span class='comment'>//the char is not a special one
</span>        <span class='comment'>//add it to the result as is
</span>        result.append(character);
      }
      character = iterator.next();
    }
    <span class='keyword'>return</span> result.toString();
  }
  
  <span class='comment'>/**
   Escape &lt;tt&gt;'$'&lt;/tt&gt; and &lt;tt&gt;'&#092;'&lt;/tt&gt; characters in replacement strings.
   
   &lt;P&gt;Synonym for &lt;tt&gt;Matcher.quoteReplacement(String)&lt;/tt&gt;.
   
   &lt;P&gt;The following methods use replacement strings which treat 
   &lt;tt&gt;'$'&lt;/tt&gt; and &lt;tt&gt;'&#092;'&lt;/tt&gt; as special characters:
   &lt;ul&gt;
   &lt;li&gt;&lt;tt&gt;String.replaceAll(String, String)&lt;/tt&gt;
   &lt;li&gt;&lt;tt&gt;String.replaceFirst(String, String)&lt;/tt&gt;
   &lt;li&gt;&lt;tt&gt;Matcher.appendReplacement(StringBuffer, String)&lt;/tt&gt;
   &lt;/ul&gt;
   
   &lt;P&gt;If replacement text can contain arbitrary characters, then you 
   will usually need to escape that text, to ensure special characters 
   are interpreted literally.
  */</span>
  <span class='keyword'>public</span> <span class='keyword'>static</span> String forReplacementString(String aInput){
    <span class='keyword'>return</span> Matcher.quoteReplacement(aInput);
  }
  
  <span class='comment'>/**
   Disable all &lt;tt&gt;&lt;SCRIPT&gt;&lt;/tt&gt; tags in &lt;tt&gt;aText&lt;/tt&gt;.
   
   &lt;P&gt;Insensitive to case.
  */</span>  
  <span class='keyword'>public</span> <span class='keyword'>static</span> String forScriptTagsOnly(String aText){
    String result = <span class='keyword'>null</span>;
    Matcher matcher = SCRIPT.matcher(aText);
    result = matcher.replaceAll(<span class='literal'>"&amp;lt;SCRIPT&gt;"</span>);
    matcher = SCRIPT_END.matcher(result);
    result = matcher.replaceAll(<span class='literal'>"&amp;lt;/SCRIPT&gt;"</span>);
    <span class='keyword'>return</span> result;
  }
  
  <span class='comment'>// PRIVATE //
</span>  
  <span class='keyword'>private</span> EscapeChars(){
    <span class='comment'>//empty - prevent construction
</span>  }
  
  <span class='keyword'>private</span> <span class='keyword'>static</span> <span class='keyword'>final</span> Pattern SCRIPT = Pattern.compile(
    <span class='literal'>"&lt;SCRIPT&gt;"</span>, Pattern.CASE_INSENSITIVE
   );
  <span class='keyword'>private</span> <span class='keyword'>static</span> <span class='keyword'>final</span> Pattern SCRIPT_END = Pattern.compile(
    <span class='literal'>"&lt;/SCRIPT&gt;"</span>, Pattern.CASE_INSENSITIVE
  );
  
  <span class='keyword'>private</span> <span class='keyword'>static</span> <span class='keyword'>void</span> addCharEntity(Integer aIdx, StringBuilder aBuilder){
    String padding = <span class='literal'>""</span>;
    <span class='keyword'>if</span>( aIdx <= <span class='literal'>9</span> ){
       padding = <span class='literal'>"00"</span>;
    }
    <span class='keyword'>else</span> <span class='keyword'>if</span>( aIdx <= <span class='literal'>99</span> ){
      padding = <span class='literal'>"0"</span>;
    }
    <span class='keyword'>else</span> {
      <span class='comment'>//no prefix
</span>    }
    String number = padding + aIdx.toString();
    aBuilder.append(<span class='literal'>"&#"</span> + number + <span class='literal'>";"</span>);
  }
}
 
</PRE>
<br>
<br>
<br>

</div>




<div class='topic-section'>See Also :</div>
<div class='main-body'>
 
  
  <a href='TopicAction18a7-2.html?Id=80'>Replace a substring</a> <br>
 
  
  <a href='TopicAction2c82-2.html?Id=201'>Beware of doubly escaped ampersands</a> <br>
 
</div>


<div class='topic-section'>Would you use this technique?</div>
<div class='main-body'>
  
  <form action="http://www.javapractices.com/vote/AddVoteAction.do" method='post'>
    Yes<input type='radio' name='Choice' value='Y' >
    &nbsp;&nbsp;No<input type='radio' name='Choice' value='N'>
    &nbsp;&nbsp;Undecided<input type='radio' name='Choice' value="?" >
    &nbsp;&nbsp;<input type=submit value="Vote" >
    <input type='hidden' name='Operation' value='Apply'>
    <input type='hidden' name='TopicId' value='96'>
  </form>
</div>

<div style='height:10.0em;'></div>

 
 
</div>

  

 





<div align='center' class='legalese'>  
&copy; 2011 Hirondelle Systems |
<a href='../source/SourceAction-2.html'><b>Source Code</b></a><IMG class='no-margin' SRC="../images/goldstar.gif" ALT=""> |
<a href="mailto:webmaster@javapractices.com">Contact</a> |
<a href="http://creativecommons.org/licenses/by-nc-sa/1.0/">License</a> |
<a href='../apps/cjp.rss'>RSS</a>
<!-- ukey="2AC36CD2" -->
<!-- ckey="16DF3D87" -->
<br>

 Individual code snippets can be used under this <a href='../LICENSE.txt'>BSD license</a> - Last updated on June 6, 2010.<br>
 Over 150,000 unique IPs last month - <span title='Java Practices 2.6.5, Mon May 16 00:00:00 EDT 2011'>Built with</span> <a href='http://www.web4j.com/'>WEB4J</a>.<br>
 - In Memoriam : Bill Dirani -
</div>

<script src="../../www.google-analytics.com/urchin.js" type="text/javascript">
</script>
<script type="text/javascript">
_uacct = "UA-2633428-1";
urchinTracker();
</script>



</body>

<!-- Mirrored from www.javapractices.com/topic/TopicAction.do?Id=96 by HTTrack Website Copier/3.x [XR&CO'2010], Sun, 12 Jun 2011 17:28:07 GMT -->
<!-- Added by HTTrack --><meta http-equiv="content-type" content="text/html;charset=UTF-8"><!-- /Added by HTTrack -->
</html>
